Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Sanitize sysdb search filters in the IPA provider | Stephen Gallagher | 2010-11-15 | 1 | -2/+17 |
| | |||||
* | Sanitize search filters for the sysdb | Stephen Gallagher | 2010-11-15 | 1 | -6/+39 |
| | |||||
* | Add sysdb utility function for sanitizing DN | Stephen Gallagher | 2010-11-15 | 2 | -0/+27 |
| | |||||
* | Add utility function to sanitize LDAP/LDB filters | Stephen Gallagher | 2010-11-15 | 3 | -0/+131 |
| | | | | Also adds a unit test. | ||||
* | Properly check the return value from semanage_commit | Stephen Gallagher | 2010-11-05 | 1 | -2/+2 |
| | | | | | | | semanage_commit() returns -1 on error, and can return a positive value on success. https://bugzilla.redhat.com/show_bug.cgi?id=649037 | ||||
* | Review comments for namingContexts patches | Sumit Bose | 2010-11-05 | 3 | -23/+17 |
| | |||||
* | Handle errors during log reopening better | Stephen Gallagher | 2010-11-05 | 2 | -3/+30 |
| | |||||
* | Make ldap_search_base a non-mandatory option | Sumit Bose | 2010-11-04 | 3 | -39/+46 |
| | |||||
* | Use (default)namingContext to set empty search bases | Sumit Bose | 2010-11-04 | 4 | -1/+117 |
| | |||||
* | Add defaultNamingContext to RootDSE attributes | Sumit Bose | 2010-11-04 | 2 | -0/+3 |
| | |||||
* | Call krb5_child to check access permissions | Sumit Bose | 2010-11-04 | 2 | -4/+129 |
| | |||||
* | Make handle_child_* request public | Sumit Bose | 2010-11-04 | 4 | -326/+432 |
| | | | | | | I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit. | ||||
* | Add krb5_kuserok() access check to krb5_child | Sumit Bose | 2010-11-04 | 1 | -17/+73 |
| | |||||
* | Make krb5_setup() public | Sumit Bose | 2010-11-04 | 3 | -6/+8 |
| | |||||
* | Add krb5_get_simple_upn() | Sumit Bose | 2010-11-04 | 3 | -6/+30 |
| | |||||
* | Add infrastructure for Kerberos access provider | Sumit Bose | 2010-11-04 | 5 | -27/+187 |
| | |||||
* | Store krb5 auth context for other targets | Sumit Bose | 2010-11-04 | 1 | -1/+2 |
| | |||||
* | Don't clean up groups for which a user has it as primary GID | Stephen Gallagher | 2010-11-04 | 1 | -2/+15 |
| | | | | | | | | | | We were cleaning up all groups that were expired and for which there existed no user with memberOf: <thegroup> as an attribute. This patch modifies the search to also check for cached users with this group's GID as their primary GID. Fixes https://fedorahosted.org/sssd/ticket/624 | ||||
* | Fix two return value checks | Sumit Bose | 2010-11-01 | 1 | -2/+2 |
| | |||||
* | Fix misused SDAP_SEARCH_BASE | Moritz Baumann | 2010-11-01 | 1 | -1/+1 |
| | |||||
* | Fix incorrect free of req in krb5_auth.c | Stephen Gallagher | 2010-11-01 | 1 | -1/+1 |
| | |||||
* | Mention ding-libs in BUILD.txt | Sumit Bose | 2010-10-27 | 1 | -33/+11 |
| | |||||
* | Allow authentication for referrals | Sumit Bose | 2010-10-27 | 1 | -0/+193 |
| | |||||
* | Bumping version to 1.5.0 dev | Stephen Gallagher | 2010-10-26 | 1 | -1/+1 |
| | |||||
* | Always use uint32_t for UID/GID numbers | Jakub Hrozek | 2010-10-26 | 9 | -50/+44 |
| | |||||
* | Improve versioning for automated builds | Stephen Gallagher | 2010-10-26 | 1 | -5/+5 |
| | | | | | | Also changes 'make srpms' and 'make prerelease-srpms' to 'make srpm' and 'make prerelease-srpm', as we are only building one SRPM. | ||||
* | Fix double free issue | Sumit Bose | 2010-10-26 | 1 | -2/+2 |
| | |||||
* | Always use talloc_zero() to allocate cmdctx | Sumit Bose | 2010-10-26 | 2 | -3/+3 |
| | |||||
* | Remove all nss requests after a reconnect | Sumit Bose | 2010-10-26 | 3 | -1/+26 |
| | | | | | | | Currently we do not handle the open nss request after a reconnect and wait until they timeout (which is a couple of minutes!). This patch adds a handler that terminates all requests after a reconnect. Then responder will return matching cache entries or nothing. | ||||
* | Implement netgroups for proxy provider | Sumit Bose | 2010-10-25 | 4 | -2/+144 |
| | |||||
* | Add netgroups infrastructure to proxy provider | Sumit Bose | 2010-10-25 | 3 | -0/+42 |
| | |||||
* | Download only enabled IPA HBAC rules | Sumit Bose | 2010-10-22 | 1 | -1/+3 |
| | |||||
* | Add some missing ldap_memfree() | Sumit Bose | 2010-10-22 | 2 | -3/+6 |
| | |||||
* | Add ldap_deref option | Sumit Bose | 2010-10-22 | 10 | -3/+103 |
| | |||||
* | Updating uk translation | Yuri Chornoivan | 2010-10-22 | 1 | -8/+6 |
| | |||||
* | Write log opening failures to the syslog | Stephen Gallagher | 2010-10-19 | 3 | -2/+5 |
| | | | | | If there is a problem with reopening the logs, it can be an audit trail issue. | ||||
* | Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip. | Jan Zeleny | 2010-10-19 | 12 | -10/+79 |
| | | | | | | | | For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543 | ||||
* | Updating pl translation | Piotr Drąg | 2010-10-19 | 1 | -5/+3 |
| | |||||
* | Updating version for SSSD 1.4.0 releasesssd-1_4_0 | Stephen Gallagher | 2010-10-18 | 1 | -1/+1 |
| | |||||
* | Fix 'make distcheck' for XML documentation | Stephen Gallagher | 2010-10-18 | 1 | -1/+1 |
| | | | | | A missing $(srcdir) variable was preventing 'make distcheck' from working if run from a parallel build directory. | ||||
* | Updating translation files for release | Stephen Gallagher | 2010-10-18 | 14 | -3178/+3420 |
| | |||||
* | Move all references to ldap_<entity>_search_base to "advanced" section | Jan Zeleny | 2010-10-18 | 2 | -44/+52 |
| | | | | | | | The <entity> can be one of user, group or netgroup. The references were removed from example configuration and they were moved from section Configuration options to section Advanced options. Ticket: #607 | ||||
* | set in_transaction explicitly to false | Jakub Hrozek | 2010-10-18 | 1 | -1/+1 |
| | |||||
* | Use unsigned long for conversion to id_t | Jakub Hrozek | 2010-10-18 | 4 | -40/+22 |
| | | | | | | | | We used strtol() on a number of places to convert into uid_t or gid_t from a string representation such as LDAP attribute, but on some platforms, unsigned long might be necessary to store big id_t values. This patch converts to using strtoul() instead. | ||||
* | Add proper nested initgroup support for RFC2307bis servers | Stephen Gallagher | 2010-10-18 | 1 | -3/+761 |
| | |||||
* | Modify sysdb_[add|remove]_group_member to accept users and groups | Stephen Gallagher | 2010-10-18 | 4 | -44/+102 |
| | | | | | | | | Previously, it assumed that all members were users. This changes the interface so that either a user or a group can be specified. Also, it eliminates the need for a memory context to be passed, since the internal memory should be self-contained. | ||||
* | Handle nested groups in RFC2307bis | Stephen Gallagher | 2010-10-18 | 1 | -1/+776 |
| | | | | | | | | This first approach handles the non-optimized "pure" RFC2307bis case. It recursively calls into nested groups until it it has found them all or hits the pre-defined nesting limit. It then saves all member users first, then all groups to the sysdb | ||||
* | Make sdap_save_users_send handle zero users gracefully | Stephen Gallagher | 2010-10-18 | 1 | -0/+5 |
| | | | | | If we send a zero num_users value, we should just immediately return success, rather than starting a useless transaction | ||||
* | Add option to limit nested groups | Simo Sorce | 2010-10-18 | 7 | -3/+24 |
| | |||||
* | Save dummy member users during RFC2307 getgr{nam,gid} | Jakub Hrozek | 2010-10-15 | 1 | -82/+279 |
| |